sha0coder

Security Research & Emulation

Tooling and research on reverse engineering, malware emulation and shellcode — plus an ongoing chapter on benchmarking LLMs.

Projects

MWEMU

Windows malware emulator for automated analysis. It emulates x86/x64 user-mode binaries and shellcode without executing them on a real system, and is designed for fast, scriptable reverse engineering.

PyNasm

A transpiler that converts Python into assembly — a practical tool for writing and studying shellcode.

llmbench

A benchmark harness for language models: a cognitive battery covering logic, calculus, WISC-V / WAIS-IV-inspired subtests, number theory, philosophy and creativity, scored 0–100. Works against local models (Ollama) and frontier APIs, with a fixed LLM judge for the open-ended items.

Noise Hunter

A side project on pressure waves: tooling to study and characterize ambient sound.

Writeups

Scales — carving an embedded eBPF rootkit

Scales: an eBPF-based infostealer & rootkit targeting Arch Linux. The writeup statically pulls the kernel-side eBPF program (scales.bpf.c) out of the deps loader (Atomic Arch AUR campaign), with no execution, no kernel and no root, driven with the mwemu and radare2 MCP servers. Includes IOCs.

Research

LLM Benchmark (coming soon) — an ongoing chapter evaluating language models with a reproducible, mostly-deterministic test battery. Methodology, per-model reports and a comparative ranking.

More topics in preparation: denoising, practical philosophy, evolutive systems.

Setup

My Linux (Debian) environment — awesome-wm, neovim and friends: sha0coder/setup.